Mullvad rolls out exit-IP mitigation
Mullvad published a help update listing VPN servers that have received a new mitigation for an exit IP fingerprinting issue. The underlying problem could let websites infer that a user who moved from one Mullvad server to another is the same user, based on how exit IPs were assigned, without revealing the user’s real identity. Mullvad says the new assignment method removes that linkage and is being rolled out gradually across its fleet.
Mullvad is treating a subtle privacy leak like an infrastructure hardening task, which is the right call for a VPN business. This is not a headline-grabbing breach, but it is a meaningful fix because it reduces server-to-server linkability that could undermine anonymity assumptions.
- –The issue is about fingerprinting across VPN servers, not exposure of a user’s real IP or account identity.
- –Mullvad says the fix changes exit IP assignment so one server’s choice no longer reveals anything about another server’s choice.
- –The rollout is already active on a mix of AU, CA, DE, FI, FR, IE, NO, SE, and US servers.
- –Users with a threat model that depends on breaking linkage when switching servers are advised to log out and back in to regenerate the WireGuard key and internal tunnel address.
DISCOVERED
4h ago
2026-05-26
PUBLISHED
18h ago
2026-05-25
RELEVANCE
AUTHOR
Cider9986